How Bitcoin thieves used an Android flaw to steal money, and how it affects everyone else

Fans of the fledgling cryptocurrency known as Bitcoin got quite a shock in recent days as some clever thieves worked out yet another method to swipe virtual cash from unsuspecting users. The source of the theft was traced to a bug in Android, and now Google has acknowledged the flaw exists. Not only could this further tarnish the reputation of Bitcoin as a secure anonymous currency, but it could spell trouble for an enormous number of other Android apps.

The Bug

Computer systems often have need of random numbers, and Android is no exception. Google has been using the Java Cryptography Architecture (JCA) ever since API version 1 when Android was released in 2008. Part of JCA is a class known as SecureRandom. You can probably guess what it’s supposed to do from the name.

When an app invokes SecureRandom, the OS is supposed to generate a random number. This is only secure if the output is non-deterministic, at least in the practical sense — if it can be predicted, it’s useless. SecureRandom is supposed to run Android’s OpenSSL PRNG (pseudorandom number generator) with an entropy seed from /dev/urandom, a protected system root file.

However, this isn’t working correctly on most versions of Android. When an app tries to generate a random number, the urandom file is not being accessed at all. As a result, there is no random seed, making the generation process flawed from the start.

Supposedly random numbers generated using the standard SecureRandom class turn out to be slightly less random than they ought to be. Numbers output by this tool may be repeated and therefore are predictable. According to Google’s assessment of the problem, apps that explicitly read from /dev/urandom (using the setSeed function in Android) or use a separate PRNG are not affected, but very few apps bother with that. A small number do go to the trouble, though. This is the root cause of the bug that resulted in stolen Bitcoins.

The Bitcoin Caper

So how does an obscure bug in pseudorandom number generation result in stolen Bitcoins? It’s all about encryption keys. Bitcoin uses public/private key cryptography to sign all transactions. Many apps use SecureRandom to generate these wallet keys, but the bug caused them to actually reuse numbers on occasion.

As anyone that’s ever dabbled in cryptography knows, the more examples you have of a code, the easier it is to break. The public keys on Bitcoin transactions are easy to scan, which is probably what the perpetrators of this hack did. They looked for repeats in public keys, and used that data to solve for the private keys, which should only be known to the owner of the Bitcoin wallet. At that point, the attacker had the user’s Bitcoin address. It was a simple matter to transfer the money to a different account.
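An added example, not from the original article: a defensive audit that parses a wallet's own DER-encoded ECDSA signatures and flags any key that produced two different signatures sharing the same r value, which is how a repeated per-signature random number becomes visible in published transactions. The record layout, function names and sample data are assumptions constructed for illustration, and signatures are assumed to have Bitcoin's trailing sighash byte already stripped.

```python
from collections import defaultdict

# Order of the secp256k1 group, used to fold s and N - s into one canonical value.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def parse_der_sig(sig: bytes):
    """Strictly parse SEQUENCE { INTEGER r, INTEGER s } (short-form lengths only)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("truncated INTEGER")
        values.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after signature")
    return values[0], values[1]

def find_reused_r(records):
    """records: iterable of (pubkey_hex, txid, der_sig).
    Returns {pubkey: {r: [txids]}} where one key used the same r with different s."""
    seen = defaultdict(lambda: defaultdict(dict))
    for pubkey, txid, sig in records:
        r, s = parse_der_sig(sig)
        s = min(s, N - s)                     # (r, s) and (r, N - s) are the same signature
        seen[pubkey][r].setdefault(s, txid)   # identical re-broadcasts collapse to one entry
    exposed = {}
    for pubkey, by_r in seen.items():
        hits = {r: sorted(m.values()) for r, m in by_r.items() if len(m) > 1}
        if hits:
            exposed[pubkey] = hits
    return exposed

def _sample(r_byte, s_byte):
    """Constructed DER signature whose 32-byte r and s are one repeated byte."""
    return bytes.fromhex("30440220" + r_byte * 32 + "0220" + s_byte * 32)

SAMPLE = [  # constructed records, not real transactions or keys
    ("02aa", "tx1", _sample("11", "22")),
    ("02aa", "tx2", _sample("11", "33")),  # same key, same r, different s: flagged
    ("02aa", "tx3", _sample("44", "22")),
    ("02bb", "tx4", _sample("55", "22")),
    ("02bb", "tx4", _sample("55", "22")),  # exact duplicate of tx4: ignored
]
```

Any key that appears in the result should be treated as exposed and its funds moved to a key generated with a properly seeded generator.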

It’s hard to know how much money has been stolen as this bug has existed for a long time — there were reports of SecureRandom repeats several years ago. It’s possible some of the unexplained Bitcoin thefts of recent years stem from this problem. All Bitcoin enthusiasts have been able to definitively point to so far is the theft of 55 Bitcoins last week, valued at $5,720.


I could never buy into bitcoins because the whole thing was so tightly private for so long that I feel like the barrier to entry created an unfair monopoly. Is it bad that I somewhat vicariously want it to die and be replaced by something else from scratch that I can get in on the ground floor on? >.>

James Tolson

“A small number do go the the trouble” oh dear was somebody tired when posting this article tut tut lol

Dustymack

Still don’t understand how a bit-coin has any value at all. From what I understand, the value comes from calculating a hash value. Those values use resources in real life that cost money. The problem is why doesn’t each gene unfolded from folding home come with a monetary value attached? What’s stopping someone from making a bit-coin software that mines coins for zero profit? I know it sounds dumb but some people like to watch the world burn. Also, the resources used aren’t enough for me to believe that those coins have any value at all.

McNo

Any item is worth only as much as you or someone else thinks it is. If enough people think a bit-coin is worth $100 and are prepared to pay that much for it, then that is what it is worth. The problem is that you can’t be sure that any people are prepared to pay $100 for it tomorrow. As long as the value seems to be going up, the world is full of people who want to jump on the band-wagon, but as soon as enough people start feeling a bit unsure about the value the market will tank. When it happens I think the reaction will be quite fast.

jkdisq24

The “ground-floor” envy is understandable. However, it’s not too late. Anyone can freely read up on bitcoin and start using it. There is no barrier to entry.

Bitcoin mining (double hashing some unique + random data with sha-256) is not done to “generate coins” or to unfold genes or to crack passwords. Mining is done to find a block. Blocks are used to store transactions. There can be no spending of coins without transactions, so someone has to keep finding more and more blocks. For the effort to find blocks there is a reward of bitcoins which started at 50 per block, now it’s 25, and it will be halved every 210K blocks, ensuring that no more coins will be produced after approx 21 million. The resources used up to find blocks (hardware and electricity) do not really correlate to bitcoin’s value. That’s not what makes bitcoins valuable. The divisibility, finite supply, low transaction fees, non-confiscation, and decentralized nature are what give it value.
